10 Adequacy of Technical Infrastructure

INTRODUCTION

Nuclear industry licensees and the regulators have reached an accord on the application of analog instrumentation and control (I&C) technology in nuclear plants. Many of the types of concerns expressed about digital technology, such as EMI/RFI (electromagnetic/radiofrequency interference) and other environmental stressors and the human-machine interface, are applicable to analog technology as well. For handling the analog I&C issues there is a technical infrastructure in place upon which the licensees and regulators rely. There is a continuing challenge to master the current state of technology and to prepare for changes that are coming.

Application of digital I&C technology is not as mature, particularly as applied in nuclear plant safety systems where high reliability and assurance of safe performance are paramount. Further, as has been noted repeatedly in this report, advances in digital I&C technology occur frequently and are rapidly adopted in many types of industries. This problem should be a particular concern for licensees, regulators, vendors, and other ancillary bodies such as standards institutes. Unless the expertise and infrastructure are there, little progress can be made.

U.S. Nuclear Regulatory Commission Activities

Because this report is a response to a request by the U.S. Nuclear Regulatory Commission (USNRC) regarding the use of digital I&C technology in nuclear power plants, the committee paid particular attention to the USNRC activities in this regard. The committee looked for evidence of a strategic approach by the USNRC to the regulation of digital I&C introduced into nuclear power plants, expecting to see a USNRC road map for its staffing, training, and research programs to support the regulation of digital I&C.
Earlier concerns expressed by the Advisory Committee on Reactor Safeguards and Nuclear Safety Research Review Committee (see Chapter 1) about the need for changes in research, staffing, and training set the stage for the committee to investigate these attributes. USNRC Chairman Jackson echoed some of these concerns when she challenged the USNRC staff to prepare, perhaps with the help of "a steering committee of senior level managers as well as technical experts" and "with greater commitment than has heretofore been the case," a regulatory framework for digital I&C (Jackson, 1995). In addition, the committee was interested in the effect on the USNRC process for assessing new technology and introducing it into the nuclear industry of factors such as declining budgets, the general decline in the number of new technical graduates, and the availability of technical expertise.

Statement of the Issue

Does the USNRC need to make changes in its staffing, training, and research program to support its regulation of digital I&C technology in nuclear power plants? If so, what is the appropriate program for the USNRC? How should this program be structured so that it maintains its effectiveness in the face of rapidly moving and developing technology and generally declining budgets?

U.S. NUCLEAR REGULATORY COMMISSION REGULATORY POSITIONS AND PLANS

Staffing

The USNRC Office of Nuclear Reactor Regulation (NRR) is charged with all licensing and inspection activities associated with the design, construction, and operation of existing and proposed nuclear power plants. They are supported in this role by inspectors from the USNRC's regional offices and by on-site inspectors at the nuclear power plants. The USNRC Office of Nuclear Regulatory Research (RES) is tasked with providing independent information support for regulatory decision making, conducting research to resolve safety issues and to anticipate potential problems, and developing technical regulations and standards.
In FY 1996, the USNRC had 10 NRR staff members and 6 RES staff members involved in digital I&C work, out of a total staff of 650 (NRR) and 212 (RES), respectively. These figures are a slight increase over the FY 1994-1995 period.

Training

In their October 1995 discussions with the committee (see Appendix B), the USNRC staff noted that they had several decades of experience with digital I&C technology. Nonetheless, the staff reported that they are improving their expertise in this area by hiring experienced personnel and improving the training of existing staff on a staff-specific basis at courses offered by universities, industry groups, and commercial companies. In FY 1996, $16,000 was allocated in the USNRC training budget for these external training courses. (In FY 1994, only $5000 was budgeted.)

A digital I&C working group is developing a training program at the USNRC Technical Training Division in Chattanooga, Tennessee, whose target audience is intended to be region-based inspectors, technical reviewers at headquarters, and resident inspectors at nuclear power plants. The program will involve commercial courses to provide a technical foundation and an annual "digital I&C regulatory perspectives" workshop to provide knowledge and skills in agency policy and inspection techniques. In FY 1996, the Technical Training Division allocated 1.5 staff members to this area, out of a total staff of 30 and a training budget of approximately $4 million. The committee was briefed twice on this training program, in April and October 1995 (see Appendix B), and discusses it again later in this chapter.

Research Plan

The RES office conducts its research (including the area of I&C technology) primarily to support user (NRR) needs, although some research is anticipatory. The NRR office also sponsors some "technical assistance" work in I&C technology, primarily at the Lawrence Livermore National Laboratory in California.
The USNRC I&C research program includes work on a number of topics, including software verification and validation, high-integrity software for nuclear power plants, development of new regulatory guides, assessment of software languages, and environmental qualification of digital I&C equipment. New research needs are identified from current research work, other federal agency research work (such as at the Center for High Integrity Software Systems Assurance of the National Institute of Standards and Technology), involvement in foreign research (the Halden Reactor Project), and other safety-critical industry interactions (e.g., with the Federal Aviation Administration).

The committee noted with some concern that the RES research budget is expected to decrease by one-third during the next few years, although it is unclear how much of the reduction the digital I&C area will absorb. (Total RES funding allocated to digital I&C technology was approximately $3 million in FY 1996, a very slight increase over FY 1995, out of a total RES research budget of $68 million and NRR research budget of $14 million in FY 1996.) Budget reductions are also being faced in the coming years by the national laboratories of the Department of Energy, where much of the USNRC's research is conducted. In an age of continuing technological evolution, reducing investment in research and development adds to the importance of making good strategic decisions.

DEVELOPMENTS IN THE U.S. NUCLEAR INDUSTRY

During the course of Phase 2 activities, the committee talked with three digital I&C vendors about their basic approach to providing digital systems to the nuclear industry: Foxboro Controls, General Electric Nuclear Engineering, and Westinghouse. The committee did not obtain specific information on their staffing, training, or research planning.
The business opportunities perceived by these (and similar) companies, upon which the nuclear industry depends for digital I&C systems, undoubtedly will influence their staffing, training, and research. The committee also talked with a number of nuclear utilities engaged in digital I&C upgrades: Baltimore Gas and Electric Company, Public Service Electric and Gas Company, Northeast Utilities, and Pacific Gas and Electric Company. Each of their approaches to staffing, training, and research appeared to be somewhat similar. Baltimore Gas and Electric Company (Calvert Cliffs plant in Lusby, Maryland) has initiated in-house software engineering training courses with an emphasis on acquiring practical experience. In conducting upgrades, they either use in-house staff with the required expertise or hire expert consultants to assist. The representative from Public Service Electric and Gas Company (Salem plant in Salem, New Jersey) pointed out that training and staff development activities must address organizational issues that may exist within utilities. For example, utility organizations often separate instrumentation and control from computer systems, which may result in segregation of staff expertise on digital I&C technology within one part of the organization while responsibility for a digital I&C upgrade belongs to another. This hampers transfer of knowledge and expertise. Much of the research in the U.S. nuclear industry is sponsored by organizations such as the Electric Power Research Institute (EPRI). For example, the committee notes that EPRI and the Tennessee Valley Authority have established an advanced power plant I&C center at TVA's Kingston power plant. The center is intended to be a focal point and test bed for research on advanced I&C technologies for all power and process industries. The center will also promote technology transfer and offer technical courses. At the present time the USNRC does not participate in this endeavor.
DEVELOPMENTS IN THE FOREIGN NUCLEAR INDUSTRY

During the course of Phase 2 activities, the committee also talked with representatives from the Canadian and Japanese nuclear power industries and had access to information on the British and French experiences with digital I&C pertaining to software quality assurance. The committee did not obtain information on their staffing, training, or research plans.

The Japanese have a technical advisory committee on nuclear power generation to coordinate resolution of technical issues between licensees and the regulator, the Ministry of International Trade and Industry (MITI). A prototype qualification test of the digital safety systems for the advanced pressurized water reactor (APWR) and advanced boiling water reactor (ABWR) designs was conducted during 1987–1991 by the Nuclear Power Engineering Corporation, sponsored by MITI. The Japan Atomic Energy Research Institute will initiate a project this year to study reliability of digital I&C systems. The major Japanese nuclear vendors also have large in-house research activities, coordinated with the nuclear utilities and centered on research and development of digital systems for their advanced plants. Digital upgrades to replace obsolescent analog equipment are not a major concern in Japan (Utsumi, 1996).

DEVELOPMENTS IN OTHER SAFETY-CRITICAL INDUSTRIES

In the course of its study, the committee also talked to a number of representatives from other safety-critical industries (see Appendix B). The committee did not receive specific information about how they conducted their own staffing, training, and research programs. However, it was interesting to note similar concerns about regulator expertise in the railroad and medical sectors; representatives from both sectors felt that their industry was well ahead of the regulator in digital application expertise.
In the field of aerospace, the FAA's use of designated engineering representatives to supplement its own staff levels (and expertise) was an interesting approach. The designated engineering representatives are not FAA employees but are certified by the FAA in the industry and provide expertise and oversight to assure FAA requirements are met. Based on discussions with the committee, most vendors in other industries maintain in-house advanced technology offices and conduct collaborative research externally with universities.

ANALYSIS

To establish and maintain an adequate and effective regulatory program for digital I&C technology, the USNRC needs the following: (a) sufficient numbers of staff conducting an efficient review process; (b) an introductory and continuing (advanced) training program for existing staff and a targeted digital I&C staff recruitment program that assure that all regulatory staff share a common understanding of state-of-the-art digital technology, incorporate experience from retrofit reviews, and stay abreast of new technological developments; and (c) an anticipatory, focused research program that supports regulatory needs.

Staffing

The USNRC is charged with regulating implementation of nuclear technology. However, the staff has been criticized by members of the Advisory Committee on Reactor Safeguards (see, e.g., Lewis, 1992) for not acquiring the proper level of staffing and training appropriate to the rapidly moving digital I&C technology. There are a number of factors that make it difficult to stay current in this area. Computer technology is a rapidly growing area but there is a general decline in the number of new technical graduates interested in the nuclear field. This is because the field of nuclear power is not growing. There is a lack of new power plant construction in the U.S. nuclear industry and the USNRC is faced with a declining budget.
All of these factors make it more difficult to recruit the needed well-trained computer science or software engineers.

The committee has been told by a number of utilities that when digital I&C retrofits require USNRC staff review, this process may typically entail an extra six months of time and significant expenditure of staff resources to respond to USNRC questions and regulatory uncertainty. These factors often persuade the utility applicant to modify (and downscale, if needed) the proposed change to allow the change to fall within the scope of 10 CFR 50.59. Such reluctance to make more complete plant modifications does not prevent maintaining plant safety; but it may mean that safety improvements are not being made and that maintaining adequate safety becomes more difficult and expensive. If the estimates given the committee by the utilities of extra time and expense required to respond to USNRC staff reviews have widespread validity, then it must be questioned whether enough USNRC staff are being assigned to the digital I&C area or whether the USNRC's review process itself cannot be made more efficient.

The USNRC organizational structure itself—with its intentional separation between the research (RES) and regulatory (NRR) offices—may be causing other problems, e.g., reduced intrastaff communication, duplication of research functions in both offices, or an overemphasis of research on near-term issues and insufficient attention to longer-range, developing needs. In short, if needed interaction or techniques are not readily available because of organizational hindrances, these hindrances may be a source of delays in the review process that must be addressed.

With respect to standards and guidance documents, the USNRC depends on industry groups and professional societies to develop them in the first instance. These standards and documents are then reviewed and endorsed by the USNRC, usually with caveats and exceptions. This process for developing standards moves slowly, taking from one to a few years, with additional time required for official USNRC review and approval (a long time cycle unsuited to keeping pace with rapid developments). Although this approach has not been adopted for the purpose of minimizing USNRC staff, possibly it is thought to be helpful in this regard. As a result, the efforts of the USNRC staff may be focused exclusively on reviewing and adopting standards for technology, leading to inefficiencies and discouraging personnel by isolating them from the mainstream of the technology.

Training

A set of minimal required technical skills for the regulation of current and future digital I&C systems can be defined. These skills would include hardware, software, the human-machine interface, digital systems design, and nuclear systems, with software quality assurance techniques representing a particular training need. Emphasis should be placed on obtaining and training personnel with cross-discipline skills such as human factors knowledge combined with knowledge of digital computers, computer interfaces, and software. This defined set of skills could be used to measure the current skill levels of USNRC staff members charged with regulating digital I&C systems, and an appropriate training program could be put in place to strengthen skills where needed. If in order to meet regulatory needs a delegation system analogous to the FAA's use of designated engineering representatives is found to be needed, then a skill category for managing the delegates could be added.

At the time of the committee's spring 1995 visit to the USNRC Technical Training Center in Chattanooga, Tennessee (see Appendix B), personnel at the training center indicated that they were in fact developing a training curriculum for digital I&C technology, in spite of a general reduction in training budgets.
The committee understands that since this time a training program has been initiated. A first of a projected annual series of Digital I&C Regulatory Perspectives workshops was held in December 1995 and in addition USNRC regulatory staff personnel have attended specific digital technology training courses.

Although internal assessments by the USNRC of the skills, knowledge, and aptitudes they believe are requisite for the regulation of digital I&C systems are useful, the committee believes they are not as effective as a thorough external assessment. The USNRC's new training program for digital I&C could be subjected to outside review and perhaps evaluated by independent training organizations (such as the International Society for Measurement and Control or the Institute for Nuclear Power Operations) or certification processes.

Another factor to consider in addressing staff training is significant variations that may exist among USNRC headquarters (NRR) technical reviewers of proposed upgrades and among USNRC regional inspectors in terms of technical expertise and areas of emphasis. (It may be noted that a USNRC Inspector General audit report dated December 27, 1995, found large disparities between regional inspection programs.) These differences may either slow down the review process or result in inadequate reviews.

In some disciplines (e.g., engineering, medicine), when individuals attain a defined level of competence they become "certified," "qualified," or "licensed." This entails application of standards for both a basic grasp of the current state of the art and more importantly continuing education to stay abreast of new technological developments. Formal certification of software engineers is a controversial topic but there are approaches such as the FAA's designated engineering representative program.
If an outside organization (e.g., the American National Standards Institute or the Institute of Electrical and Electronics Engineers) could provide such a mechanism for USNRC staff personnel (and utility personnel), this might alleviate some of the problems of inconsistency in regulatory reviews, particularly when combined with improved and clarified regulatory criteria (see Chapter 9). Part of the committee's consideration of USNRC professional development and training activities was the above-mentioned visit to the USNRC Technical Training Center, where a set of control room simulators representative of a few of today's plants are located. Only one of these simulators (Black Fox) represents a digital I&C based control room and it is not state-of-the-practice. The newest of the simulators is of 1971 vintage. These simulators are used to train USNRC headquarters and regional personnel as well as the resident inspectors at the individual plants, primarily through illustrating plant transient response and control room crew response and duties. There is apparently little or no focus on using the simulators to teach or illustrate the types of changes that the retrofits of digital I&C technology bring to the existing control rooms and control panels or to illustrate the issues of concern to the USNRC in regulating these changes. However, the committee notes that these simulators might be very useful in this regard. For example, the simulators could themselves be modified to reflect mixed digital- and analog-based equipment such as digital-based meters and recorders, monitors, keyboards, touch screens, and computer-based alarm systems. In this way USNRC personnel could see for themselves the impact on control room operators. Also, modifying the hardware and software and keeping them current would provide some useful practical experience. 
Research Plan

The committee also examined the research program of the USNRC's Office of Nuclear Regulatory Research in the digital I&C technology area. The committee found this program to be a disjointed collection of studies, which the USNRC personnel involved in the work agreed lacks an underlying strategic plan. Although the studies under way in the USNRC research program may be able to resolve some of the issues confronting the regulators in applying digital I&C technology, a more structured, coherent, strategic plan is needed to better utilize the limited resources available and to obtain a more complete resolution of all the issues. A strategic plan would also support coordination of the USNRC program with programs of the nuclear industry and others active in the area. This problem has been identified before in reviews of the research program by the Nuclear Safety Research Review Committee (NSRRC, 1994).

Preceding chapters in the present report have identified areas where the committee believes the USNRC research could be more effective:

In Chapter 3, Systems Aspects of Digital I&C Technology, the committee recommends that the USNRC develop and provide specific guidance in digital I&C architecture including separation of protection and control functions; implementation of closed loop control algorithms so they are executed in a predictable manner; the use of mathematics to specify control and command functions for better understanding and easier review; and the handling of data bases used by command and control functions.

In Chapter 4, Software Quality Assurance, the committee recommends that USNRC research in software quality assurance focus on early phases of the software life cycle.

In Chapter 5, Common-Mode Software Failure Potential, the committee recommends the USNRC redirect research plans on common-mode software failure. Specifically, the committee suggests that funding research to try to evaluate design diversity is not a reasonable use of USNRC research funds.
In Chapter 6, Safety and Reliability Assessment Methods, the committee recommends that the USNRC research plan include quantitative assessment methodologies for the software and hardware of digital systems. Although the absolute values of quantitative assessments of software failure probabilities will have large uncertainties, the rigor and systematic approach of quantitative assessments would lead to better analyses. Also in Chapter 6, the committee recommends that the USNRC strive to develop methods to use the experiential data from COTS equipment in performing quantitative assessments.

In Chapter 7, Human Factors and Human-Machine Interfaces, the committee recommends that the USNRC research in the human factors area be leveraged with research and best practices in other industries. The committee recommends that results from the USNRC research be contributed to the research community at large to obtain the benefits of broad-based review and discussion. Further, the committee recommends that the USNRC consider supporting research at the higher levels of human-system integration. Finally, the committee recommends that the USNRC consider coordinating a facility in which the U.S. nuclear industry can prototype and empirically evaluate proposed designs.

In Chapter 8, Dedication of Commercial Off-the-Shelf Hardware and Software, the committee recommends that the USNRC establish what, if any, research is needed with respect to acceptance of COTS in safety applications in nuclear plants.

In Chapter 9, Case-by-Case Licensing Process, the committee recommends that the USNRC catalogue 10 CFR 50.59 evaluations of digital upgrades in some centralized fashion. It is recommended that this cataloguing be studied in a way that lessons learned can be distilled and transmitted to the industry and to all cognizant NRC review staff.
In addressing the technical infrastructure issue, the subject of the present chapter, the committee noted a fundamental problem that affects the nuclear industry as well as the nuclear regulators. This problem is the historical reliance on the professional societies and industry groups to create and update the needed standards and guidance documents, largely through volunteer committees. This approach was effective in the past because the technologies of interest evolved rather slowly and cycle times of one to a few years were acceptable. The generation time for the digital-based technologies is much shorter and the committee-based approach cannot keep up with the industry. This is made worse by the fact that the nuclear industry is not a large, influential customer of the digital I&C industry and it has difficulty in imposing its requirements. As a result, the nuclear industry and its regulators can become technically isolated and the gap could widen with time.

A more proactive, efficient method is needed to develop and keep the nuclear-related digital I&C standards up to date. Although the USNRC staff has begun to be more aggressive and participates early in the industry committees and working groups, which is very helpful, by itself this increased participation is not likely to be sufficient. In Chapter 9, the committee recommends the use of chartered task groups to address this need, and that recommendation is reiterated here in view of its importance to assuring adequate technical infrastructure, not only to the regulators but to the industry as a whole.

CONCLUSIONS AND RECOMMENDATIONS

Conclusions

Conclusion 1. The USNRC should make changes in its staffing, training, and research program to support its regulation of digital I&C technology in nuclear power plants. Specific recommendations are provided below.

Conclusion 2. The issue of adequate technical infrastructure is applicable not only to the USNRC but also to the nuclear industry as a whole.
Many of the committee's recommendations for the USNRC have parallel applications to the nuclear industry.
Conclusion 3. The USNRC must anticipate that the regulatory technical infrastructure will continue to be challenged by advancing digital I&C technology. The focus of the near-term licensing effort will be on digital upgrades and certification of the advanced plants. The USNRC will have to continue to expand its technical infrastructure as use of digital technology expands and its sophistication increases.

Conclusion 4. There are problems inherent in the historical process for developing standards and industry guidelines, particularly those applied to the rapidly advancing digital technology. Pending development of alternate approaches, early involvement by the USNRC in developing standards and industry guidelines will foster more timely availability of regulatory guidance and acceptance criteria.

Conclusion 5. A strategic plan is needed for the USNRC research program on digital I&C applications. The current research program is a disjointed collection of studies lacking an underlying strategy and in some specific cases pursuing topics of questionable worth. The staff structure of the USNRC, which separates the staff of the Office of Nuclear Reactor Regulation (NRR) from the staff of the Office of Nuclear Regulatory Research (RES) and mandates that the RES staff respond to NRR "user needs," may be an obstacle to development of a coherent plan that balances near-term regulatory decision making and long-term research into problems on the horizon. Periodic outside review of the USNRC research program could help assure that the right issues are being addressed and could also lead to areas of collaborative research. The committee is aware of and notes favorably the impact of the existing Nuclear Safety Research Review Committee. However, a more formal, outside review would be useful. Perhaps this could be done on an exchange basis with other agencies to reduce resource demands.

Recommendations

Staffing

Recommendation 1.
Despite difficulties posed by declining budget and staffing levels in the face of rapidly moving technology and a stagnating nuclear industry, the USNRC must explore ways to improve the efficiency of the review process with existing staff and resources.

Training

Recommendation 2. The USNRC should define a set of minimal and continuing training needs for existing and recruited staff. Particular attention should be paid to software quality assurance expertise. Once defined, the USNRC training program should be subjected to appropriate external review. Certification of USNRC expertise levels is one possibility the USNRC may wish to consider.

Research Plan

Recommendation 3. Consistent with Conclusion 5 above, the USNRC should develop a strategic plan for the research program conducted by the RES and NRR offices. The plan should emphasize balancing short-term regulatory needs and long-term, anticipatory research needs and should incorporate means of leveraging available resources to accomplish both sets of research objectives. It should also reach out more effectively to relevant technical communities (e.g., by the establishment of research simulators for human factors research), to the Electric Power Research Institute, to the Department of Energy, to foreign nuclear organizations, and to other safety-critical industries dealing with digital I&C issues. In making this recommendation, the committee recognizes the Halden Reactor Project provides an example of such cooperative research; but much of the Halden work cannot be published widely and therefore lacks the benefit of rigorous peer scrutiny.

Recommendation 4. Because research in the digital I&C area may require a longer time frame than that of single fiscal years, the USNRC should give consideration to planning and arranging funding on a multiyear basis.

General

Recommendation 5.
Consistent with Conclusion 4 above, the USNRC should consider ways to accelerate preparation and updating of needed standards and guidance documents. In particular, the USNRC should consider using chartered task groups (see Recommendation 3 in Chapter 9).

REFERENCES

Jackson, S. 1995. Letter from Shirley Jackson (Chairman, USNRC) to James Taylor (Executive Director for Operations, USNRC), November 30, 1995. Washington, D.C.

Lewis, H. 1992. Digital Instrumentation and Control Systems. Letter to I. Selin, Chairman, USNRC, dated December 11, 1992.

NSRRC (Nuclear Safety Research Review Committee). 1994. Summary of November 29–30, 1993 Meeting of Subcommittee on Advanced Instrumentation and Controls and Human Factors. Letter to E. Beckjord, USNRC, dated January 14, 1994.

USNRC (U.S. Nuclear Regulatory Commission). 1995. Internal audit by USNRC inspector general, December 27, 1995. Washington, D.C.

Utsumi, M. 1996. Mitsubishi Heavy Industries, presentation to the Committee on Application of Digital Instrumentation and Control Systems to Nuclear Power Plant Operations and Safety, San Francisco, Calif., January.